Double-unref of GDBusConnection stream in gdbus-threading test
Spotted while running gdbus-threading
under asan while looking at something else:
=================================== 9/100 ====================================
test: glib:gio+slow / gdbus-threading
start time: 14:40:15
duration: 1.48s
result: exit status 1
command: G_TEST_SRCDIR=/opt/gnome/source/glib/gio/tests GIO_LAUNCH_DESKTOP=/opt/gnome/build/glib/gio/gio-launch-desktop G_DEBUG=gc-friendly G_TEST_BUILDDIR=/opt/gnome/build/glib/gio/tests GIO_MODULE_DIR='' MALLOC_CHECK_=2 G_ENABLE_DIAGNOSTIC=1 /opt/gnome/build/glib/gio/tests/gdbus-threading
----------------------------------- stdout -----------------------------------
TAP version 13
# random seed: R02S8b11abd77399c894a36548453aa9db42
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
1..3
# Start of gdbus tests
# GLib-DEBUG: g_set_user_dirs: Setting HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/delivery-in-thread/.dirs/home
# GLib-DEBUG: g_set_user_dirs: Setting XDG_CACHE_HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/delivery-in-thread/.dirs/cache
# GLib-DEBUG: g_set_user_dirs: Setting XDG_CONFIG_DIRS to /tmp/test_gdbus-threading_7KYL01/gdbus/delivery-in-thread/.dirs/system-config1:/tmp/test_gdbus-threading_7KYL01/gdbus/delivery-in-thread/.dirs/system-config2
# GLib-DEBUG: g_set_user_dirs: Setting XDG_CONFIG_HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/delivery-in-thread/.dirs/config
# GLib-DEBUG: g_set_user_dirs: Setting XDG_DATA_DIRS to /tmp/test_gdbus-threading_7KYL01/gdbus/delivery-in-thread/.dirs/system-data1:/tmp/test_gdbus-threading_7KYL01/gdbus/delivery-in-thread/.dirs/system-data2
# GLib-DEBUG: g_set_user_dirs: Setting XDG_DATA_HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/delivery-in-thread/.dirs/data
# GLib-DEBUG: g_set_user_dirs: Setting XDG_STATE_HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/delivery-in-thread/.dirs/state
# GLib-DEBUG: g_set_user_dirs: Setting XDG_RUNTIME_DIR to /tmp/test_gdbus-threading_7KYL01/gdbus/delivery-in-thread/.dirs/runtime
ok 1 /gdbus/delivery-in-thread
# GLib-DEBUG: g_set_user_dirs: Setting HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/method-calls-in-thread/.dirs/home
# GLib-DEBUG: g_set_user_dirs: Setting XDG_CACHE_HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/method-calls-in-thread/.dirs/cache
# GLib-DEBUG: g_set_user_dirs: Setting XDG_CONFIG_DIRS to /tmp/test_gdbus-threading_7KYL01/gdbus/method-calls-in-thread/.dirs/system-config1:/tmp/test_gdbus-threading_7KYL01/gdbus/method-calls-in-thread/.dirs/system-config2
# GLib-DEBUG: g_set_user_dirs: Setting XDG_CONFIG_HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/method-calls-in-thread/.dirs/config
# GLib-DEBUG: g_set_user_dirs: Setting XDG_DATA_DIRS to /tmp/test_gdbus-threading_7KYL01/gdbus/method-calls-in-thread/.dirs/system-data1:/tmp/test_gdbus-threading_7KYL01/gdbus/method-calls-in-thread/.dirs/system-data2
# GLib-DEBUG: g_set_user_dirs: Setting XDG_DATA_HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/method-calls-in-thread/.dirs/data
# GLib-DEBUG: g_set_user_dirs: Setting XDG_STATE_HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/method-calls-in-thread/.dirs/state
# GLib-DEBUG: g_set_user_dirs: Setting XDG_RUNTIME_DIR to /tmp/test_gdbus-threading_7KYL01/gdbus/method-calls-in-thread/.dirs/runtime
ok 2 /gdbus/method-calls-in-thread
# GLib-DEBUG: g_set_user_dirs: Setting HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/threaded-singleton/.dirs/home
# GLib-DEBUG: g_set_user_dirs: Setting XDG_CACHE_HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/threaded-singleton/.dirs/cache
# GLib-DEBUG: g_set_user_dirs: Setting XDG_CONFIG_DIRS to /tmp/test_gdbus-threading_7KYL01/gdbus/threaded-singleton/.dirs/system-config1:/tmp/test_gdbus-threading_7KYL01/gdbus/threaded-singleton/.dirs/system-config2
# GLib-DEBUG: g_set_user_dirs: Setting XDG_CONFIG_HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/threaded-singleton/.dirs/config
# GLib-DEBUG: g_set_user_dirs: Setting XDG_DATA_DIRS to /tmp/test_gdbus-threading_7KYL01/gdbus/threaded-singleton/.dirs/system-data1:/tmp/test_gdbus-threading_7KYL01/gdbus/threaded-singleton/.dirs/system-data2
# GLib-DEBUG: g_set_user_dirs: Setting XDG_DATA_HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/threaded-singleton/.dirs/data
# GLib-DEBUG: g_set_user_dirs: Setting XDG_STATE_HOME to /tmp/test_gdbus-threading_7KYL01/gdbus/threaded-singleton/.dirs/state
# GLib-DEBUG: g_set_user_dirs: Setting XDG_RUNTIME_DIR to /tmp/test_gdbus-threading_7KYL01/gdbus/threaded-singleton/.dirs/runtime
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: refcount of 0x611000022c80 is not right (3 rather than 1) in test_threaded_singleton(), sleeping
# GLib-GIO-DEBUG: refcount of 0x611000022c80 is not right (3 rather than 1) in test_threaded_singleton(), sleeping
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: refcount of 0x611000026c40 is not right (3 rather than 1) in test_threaded_singleton(), sleeping
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
# GLib-GIO-DEBUG: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
----------------------------------- stderr -----------------------------------
=================================================================
==3170416==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000057900 at pc 0x7f5105bb3a8f bp 0x7ffc93410080 sp 0x7ffc93410078
READ of size 8 at 0x60b000057900 thread T0
#0 0x7f5105bb3a8e in g_datalist_get_flags ../../source/glib/glib/gdataset.c:1355
#1 0x7f51056d2434 in g_object_unref ../../source/glib/gobject/gobject.c:3824
#2 0x7f5104fec541 in g_dbus_connection_finalize ../../source/glib/gio/gdbusconnection.c:648
#3 0x7f51056d2e3d in g_object_unref ../../source/glib/gobject/gobject.c:3938
#4 0x407dcd in test_threaded_singleton ../../source/glib/gio/tests/gdbus-threading.c:642
#5 0x7f5105cb6d95 in test_case_run ../../source/glib/glib/gtestutils.c:3108
#6 0x7f5105cb7792 in g_test_run_suite_internal ../../source/glib/glib/gtestutils.c:3203
#7 0x7f5105cb7a56 in g_test_run_suite_internal ../../source/glib/glib/gtestutils.c:3222
#8 0x7f5105cb7f85 in g_test_run_suite ../../source/glib/glib/gtestutils.c:3302
#9 0x7f5105cb4a1a in g_test_run ../../source/glib/glib/gtestutils.c:2409
#10 0x4082a0 in main ../../source/glib/gio/tests/gdbus-threading.c:701
#11 0x7f510584a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
#12 0x7f510584a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
#13 0x403794 in _start (/opt/gnome/build/glib/gio/tests/gdbus-threading+0x403794)
0x60b000057900 is located 80 bytes inside of 112-byte region [0x60b0000578b0,0x60b000057920)
freed by thread T3 here:
#0 0x7f51060b9388 in __interceptor_free.part.0 (/lib64/libasan.so.8+0xb9388)
#1 0x7f5105c41346 in g_free_sized ../../source/glib/glib/gmem.c:258
#2 0x7f510571e8f8 in g_type_free_instance ../../source/glib/gobject/gtype.c:2062
#3 0x7f51056d2e5e in g_object_unref ../../source/glib/gobject/gobject.c:3954
#4 0x7f5104ebd310 in g_task_finalize ../../source/glib/gio/gtask.c:712
#5 0x7f51056d2e3d in g_object_unref ../../source/glib/gobject/gobject.c:3938
#6 0x7f5105c197e2 in g_source_callback_unref ../../source/glib/glib/gmain.c:1742
#7 0x7f5105c172ab in g_source_destroy_internal ../../source/glib/glib/gmain.c:1407
#8 0x7f5105c209fb in g_main_dispatch ../../source/glib/glib/gmain.c:3490
#9 0x7f5105c24489 in g_main_context_dispatch ../../source/glib/glib/gmain.c:4200
#10 0x7f5105c24b48 in g_main_context_iterate ../../source/glib/glib/gmain.c:4276
#11 0x7f5105c25c49 in g_main_loop_run ../../source/glib/glib/gmain.c:4479
#12 0x7f510503845c in gdbus_shared_thread_func ../../source/glib/gio/gdbusprivate.c:284
#13 0x7f5105cc11f9 in g_thread_proxy ../../source/glib/glib/gthread.c:831
#14 0x7f51058ae12c in start_thread (/lib64/libc.so.6+0x8b12c)
previously allocated by thread T55 here:
#0 0x7f51060ba097 in calloc (/lib64/libasan.so.8+0xba097)
#1 0x7f5105c411f3 in g_malloc0 ../../source/glib/glib/gmem.c:163
#2 0x7f510571d8ff in g_type_create_instance ../../source/glib/gobject/gtype.c:1965
#3 0x7f51056c7c24 in g_object_new_internal ../../source/glib/gobject/gobject.c:2246
#4 0x7f51056ca16b in g_object_new_valist ../../source/glib/gobject/gobject.c:2585
#5 0x7f51056c6e90 in g_object_new ../../source/glib/gobject/gobject.c:2058
#6 0x7f5104ea7061 in g_socket_connection_factory_create_connection ../../source/glib/gio/gsocketconnection.c:688
#7 0x7f5104e9cf72 in g_socket_client_connect ../../source/glib/gio/gsocketclient.c:1168
#8 0x7f5104fc9942 in g_dbus_address_connect ../../source/glib/gio/gdbusaddress.c:701
#9 0x7f5104fc9fc4 in g_dbus_address_try_connect_one ../../source/glib/gio/gdbusaddress.c:807
#10 0x7f5104fcaacd in g_dbus_address_get_stream_sync ../../source/glib/gio/gdbusaddress.c:998
#11 0x7f5104ff4151 in initable_init ../../source/glib/gio/gdbusconnection.c:2539
#12 0x7f5104e051bb in g_initable_init ../../source/glib/gio/ginitable.c:130
#13 0x7f510500bfd8 in g_bus_get_sync ../../source/glib/gio/gdbusconnection.c:7476
#14 0x407a44 in get_sync_in_thread ../../source/glib/gio/tests/gdbus-threading.c:595
#15 0x7f5105cc11f9 in g_thread_proxy ../../source/glib/glib/gthread.c:831
#16 0x7f51058ae12c in start_thread (/lib64/libc.so.6+0x8b12c)
Thread T3 created by T0 here:
#0 0x7f510604b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6)
#1 0x7f5105d68c2b in g_system_thread_new ../../source/glib/glib/gthread-posix.c:1221
#2 0x7f5105cc16b7 in g_thread_new_internal ../../source/glib/glib/gthread.c:935
#3 0x7f5105cc143e in g_thread_new ../../source/glib/glib/gthread.c:888
#4 0x7f51050386fe in _g_dbus_shared_thread_ref ../../source/glib/gio/gdbusprivate.c:309
#5 0x7f5105040e1d in _g_dbus_worker_new ../../source/glib/gio/gdbusprivate.c:1715
#6 0x7f5104ff4c70 in initable_init ../../source/glib/gio/gdbusconnection.c:2615
#7 0x7f5104e051bb in g_initable_init ../../source/glib/gio/ginitable.c:130
#8 0x7f510500bfd8 in g_bus_get_sync ../../source/glib/gio/gdbusconnection.c:7476
#9 0x40812b in main ../../source/glib/gio/tests/gdbus-threading.c:691
#10 0x7f510584a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
Thread T55 created by T0 here:
#0 0x7f510604b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6)
#1 0x7f5105d68c2b in g_system_thread_new ../../source/glib/glib/gthread-posix.c:1221
#2 0x7f5105cc16b7 in g_thread_new_internal ../../source/glib/glib/gthread.c:935
#3 0x7f5105cc143e in g_thread_new ../../source/glib/glib/gthread.c:888
#4 0x407d8b in test_threaded_singleton ../../source/glib/gio/tests/gdbus-threading.c:635
#5 0x7f5105cb6d95 in test_case_run ../../source/glib/glib/gtestutils.c:3108
#6 0x7f5105cb7792 in g_test_run_suite_internal ../../source/glib/glib/gtestutils.c:3203
#7 0x7f5105cb7a56 in g_test_run_suite_internal ../../source/glib/glib/gtestutils.c:3222
#8 0x7f5105cb7f85 in g_test_run_suite ../../source/glib/glib/gtestutils.c:3302
#9 0x7f5105cb4a1a in g_test_run ../../source/glib/glib/gtestutils.c:2409
#10 0x4082a0 in main ../../source/glib/gio/tests/gdbus-threading.c:701
#11 0x7f510584a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
SUMMARY: AddressSanitizer: heap-use-after-free ../../source/glib/glib/gdataset.c:1355 in g_datalist_get_flags
Shadow bytes around the buggy address:
0x0c1680002ed0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1680002ee0: fd fd fa fa fa fa fa fa fa fa fd fd fd fd fd fd
0x0c1680002ef0: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
0x0c1680002f00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa
0x0c1680002f10: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
=>0x0c1680002f20:[fd]fd fd fd fa fa fa fa fa fa fa fa fd fd fd fd
0x0c1680002f30: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x0c1680002f40: fa fa fd fd fd fd fd fd fd fd fd fd fd fd fd fa
0x0c1680002f50: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c1680002f60: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fd fd
0x0c1680002f70: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==3170416==ABORTING
cleaning up pid 3170427
(test program exited with status code 1)
==============================================================================